Automatic teller machine system for authenticating a user device

ABSTRACT

A system includes a customer authentication system, and an automatic teller machine (ATM). The ATM includes a display, one or more memory devices storing software instructions, and one or more processors configured to execute the software instructions to perform operations to: display an item on the display; store information regarding the item; receive from a customer device captured information regarding the item; receive from the customer device identifying information of a customer; send the identifying information to the customer authentication system; compare the captured information with the information stored in the one or more memory devices; authenticate the customer device based on the comparison; and allow access to the customer account via the ATM after the authentication.

BACKGROUND 1. Technical Field

The present disclosure relates to automatic teller machine (ATM)technology, and more specifically to an ATM system for authenticatingand allowing account access via a user device.

2. Introduction

A user having a user device (e.g., a smart phone or mobile device) mayaccess an ATM without the need for a physical credit card or a debitcard. The user device and the user's identity may be authenticated bythe ATM and be discretely paired with the ATM. However, existingwireless protocols are too wide range and it is difficult to controlwireless signal reflections. That is, a purely wireless solution is hardto localize.

There is a need for an ATM system for authenticating and pairing with auser device, such that a user having the user device can securely accessthe ATM without a credit card or a debit card.

SUMMARY

The disclosed embodiments describe systems for authenticating a user anda user device by an ATM and pairing the ATM with the user device. Assuch, the user can use the user device securely to access the ATMwithout a credit card or debit card.

In one embodiment, a system is provided to include a customerauthentication system configured to: authenticate a customer to accessto a customer account via a mobile application on a customer device;store an indication whether the customer is authenticated via the mobileapplication; and an automatic teller machine (ATM). The ATM includes: adisplay; one or more memory devices storing software instructions; andone or more processors configured to execute the software instructionsto perform operations to: display an item on the display; storeinformation regarding the item displayed in the one or more memorydevices, the information comprising an identification of the itemdisplayed on the display and a time at which the item is displayed onthe display; receive from a customer device via a first communicationchannel captured information regarding the item, the capturedinformation comprising captured identification of the item displayed anda captured time at which the item is displayed; receive from thecustomer device via the first communications channel identifyinginformation of a customer associated with the customer device; send theidentifying information to the customer authentication system and inresponse receive the indication whether the customer is authenticatedinto the mobile application; compare the captured information with theinformation stored in the one or more memory devices, wherein comparisoncomprises comparing the identification stored in the one or more memorydevices with the captured information and matching the time at which theitem is displayed on the display with the captured time at which theitem is captured; authenticate the customer device based on thecomparison and the indication of whether customer is authenticated intothe mobile application; and allow access to the customer account via theATM after the authentication.

In another embodiment, an ATM is provided to include: one or more memorydevices storing software instructions; and one or more processorsconfigured to execute the software instructions to perform operationsto: store in the one or more memory devices information regarding anitem displayed, the information comprising an identification of the itemdisplayed and a time at which the item is displayed; receive from a userdevice via a first communication channel captured information regardingthe item, the captured information comprising captured identification ofthe item displayed and a captured time at which the item is displayed;receive from the user device via the first communications channelidentifying information of a user associated with the user device;compare the captured information with the information stored in the oneor more memory devices, wherein comparison comprises comparing theidentification stored in the one or more memory devices with thecaptured information and matching the time at which the item isdisplayed on the display with the captured time at which the item iscaptured; authenticate the user device based on the comparison and theidentifying information; and allow access to user account via the ATMafter the authentication.

In another embodiment, a system is provided to include a networkinterface; an image processor; one or more memory devices storingsoftware instructions; and one or more processors configured to executethe software instructions to perform operations to: authenticate via aauthentication system access to a customer account via a mobileapplication on a the device; capture with the image processor an itemdisplayed on a display of an automatic teller machine (ATM), the itembeing one of a static image and a dynamic image; process the captureditem with the image processor to extract information contained in thecaptured item, the processing including one or more of featureextraction, pattern recognition, and classification; send to the ATM viaa first communication channel, a processed item result of the captureditem; send to the ATM via the first communications channel identifyinginformation of a user who is using the user device; receive from the ATMvia the first communication channel authentication information, theauthentication information being used for authenticating the userdevice; and allow access to user account via the ATM after theauthentication.

Additional features and advantages of the disclosure will be set forthin the description which follows, and in part will be obvious from thedescription, or can be learned by practice of the herein disclosedprinciples. The features and advantages of the disclosure can berealized and obtained by means of the instruments and combinationsparticularly pointed out in the appended claims. These and otherfeatures of the disclosure will become more fully apparent from thefollowing description and appended claims, or can be learned by thepractice of the principles set forth herein.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of this specification, illustrate disclosed embodiments and,together with the description, serve to explain the disclosedembodiments. The drawings are not exhaustive. Instead, emphasis isgenerally placed upon illustrating the principles of the disclosedembodiments described herein. In the drawings:

FIG. 1 illustrates a block diagram of an exemplary system, according toone embodiment of the present disclosure;

FIG. 2 illustrates a block diagram of a user device, according to oneembodiment of the present disclosure;

FIG. 3 illustrates a block diagram of an exemplary ATM, according to oneembodiment of the present disclosure;

FIG. 4 illustrates a flow chart of an exemplary system process forauthenticating a user and a user device and pairing an ATM to the userdevice;

FIG. 5 illustrates a flow chart of an exemplary process forauthenticating a user and a user device and pairing the user device toan ATM; and

FIG. 6 illustrates a flow chart of an exemplary system process forauthenticating a user and a user device and pairing an ATM to the userdevice.

DETAILED DESCRIPTION

Systems, methods, and computer-readable storage media configuredaccording to this disclosure are capable of authenticating a user and auser device and pairing an ATM with the user device, such that the userhaving the user device can securely access the ATM via the user devicewithout a credit card or a debit card. When the user without a credit ora debit card wants to use the ATM, for example, to withdraw money fromthe ATM, the user and the user device are authenticated. Theauthentication may be image-based, for example, based on images,patterns and codes (e.g., quick response (QR) codes). A display item maybe associated with an ATM. For example, the display item may be an imageon a display of the ATM. In other examples, the display may not be partof the ATM. One or more displays separate from the ATMs may be used. Forexample, a common LED display may be used. In some embodiments, thedisplay item may be at other locations, for example, projected orpointed on a wall, or screens. The display of the item may be initiatedupon detecting the user approaching the ATM. The user device capturesthe image and sends a verification of the image to the ATM. The systemmay authenticate the user and the user device based on the verification,as well as on other authentication information.

When the user and the user device are authenticated, the ATM and theuser device can be paired allowing the user device to directlycommunicate with the ATM. After authentication, the user is allowed touse the ATM to perform financial activities associated with a financialaccount of the user. This may allow the disclosed system to be capableof creating a visual pairing between the ATM and the user device withreduced potential for information intercept.

In some embodiments, the ATM and the user device may directlycommunicate with each other, for example via Bluetooth or other nearfield communications. In some embodiments, the ATM and the user devicemay indirectly communicate with each other. For example, the user devicemay communicate with a financial service system for example via anapplication on the user device. The financial service system maycommunicate via a network with the ATM to provide account authenticationand other information.

In some embodiments, an ATM may have a liquid crystal display (LCD) withan infrared backlight (e.g., active matrix LCD). Images, patterns andcodes (e.g., quick response (QR) codes) may be invisible to naked eyes,but can be captured by a camera of a user device. As such,communications between the ATM and the user device can be secured. Thismay also provide a way to convey information invisible to the naked eyebut discernable by smart phone cameras.

Various specific embodiments of the disclosure are described in detailbelow. While specific implementations are described, it should beunderstood that this is done for illustration purposes only. Othercomponents and configurations may be used without parting from thespirit and scope of the disclosure, and can be implemented incombinations of the variations provided. These variations shall bedescribed herein as the various embodiments are set forth.

FIG. 1 is a block diagram illustrating an exemplary system 100 that maybe configured for performing authentication according to exemplaryembodiments. As shown, the system 100 may comprise a user device 120, anATM 130, a financial service provider device 140, each of which maycommunicate via a network 150. While only one user device 120, ATM 130,and financial service provider device 140 are shown, it will beunderstood that the system 100 may include more than one user device120, ATM 130, financial service provider device 140, and network 150.

Each of the devices 120-140 may be a computing system configured toprovide, use, and/or process user data. As further described herein, thedevices 120-140 may include one or more computing devices (e.g.,computer(s), server(s), embedded systems), and memory storing dataand/or software instructions (e.g., database(s), memory devices). Insome embodiments, the one or more computing devices are configured toexecute software instructions stored on one or more memory devices toperform one or more operations consistent with the disclosedembodiments. Each of the devices 120-140 may be configured tocommunicate with one or more of the devices 120-140. In certain aspects,users may operate one or more of the devices 120-140 to initiate one ormore operations consistent with the disclosed embodiments. For example,the user device 120 may be operated by a user 160. The user 160 may bean owner/operator of the user device 120, such as a customer of one ormore entities associated with the devices 130 and 140. In other aspects,the user 160 may be an employee of, or associated with, the entitycorresponding to the devices 130 and 140 (e.g., someone authorized touse the underlying computing systems or otherwise act on behalf of theentity).

The user device 120 may be one or more computing devices configured toexecute software instructions for performing one or more operationsconsistent with the disclosed embodiments. In one embodiment, the userdevice 120 may be a mobile device (e.g., tablet, smartphone, etc.), adesktop computer, a laptop, a server, a wearable device (pair ofmultifunctional eyeglasses, multifunctional watch, etc.), trackingdevice, chip-enabled payment card, and/or any suitable device withcomputing capability or a dedicated hardware device.

The user device 120 may include one or more processors configured toexecute software instructions stored in memory, such as memory includedin the user device 120. The user device 120 may include software that,when executed by a processor, perform known network-relatedcommunication and content display processes. For instance, the userdevice 120 may execute browser software that generates and displaysinterface screens including content on a display device included in, orconnected to, the user device 120. The disclosed embodiment are notlimited to any particular configuration of the user device 120. Forinstance, the user device 120 may be a mobile device that stores andexecutes mobile applications that provide financial-service-relatedfunctions offered by a financial service provider, such as anapplication associated with one or more financial accounts that a user(e.g., user 160) holds with the financial service provider. Thefinancial application installed thereon, may enable the user device 120to communicate with the financial service provider device 140 and/or theATM 130 via network 150. For instance, the user device 120 may be asmartphone or tablet (or the like) that executes a stored mobileapplication that performs online banking operations.

In other embodiments, the user device 120 may connect to the financialservice provider device 140 and/or the ATM 130 through use of browsersoftware stored and executed by the user device 120. The user device 120may be configured to execute software instructions to allow a user toaccess information stored in the financial service provider device 140,such as, for example, financial information related to purchasetransactions, financial statements, account information, rewards programinformation and the like. Additionally, the user device 120 may beconfigured to execute software instructions that initiate and conducttransactions with the financial service provider device 140 or the ATM130, for example, ATM withdrawals, wire transfers, debit card PINresets, and call center transactions.

The ATM 130 may be positioned in a financial service provider branchesor other locations (e.g., retail locations, gas stations, etc.). The ATM130 may comprise one or more displays, and one or more memory device(s)that store data that may be used for performing one or more processesconsistent with the disclosed embodiments. In certain aspects, the ATM130 may additionally, or alternatively, comprise one or more computerdevices. For example, the ATM 130 may include one or more memorydevice(s) storing data and software instructions and one or moreprocessor(s) configured to use the data and execute the softwareinstructions to perform computing functions and operations known tothose skilled in the art.

The ATM may further include computer device(s) that are configured toexecute stored software instructions to perform operations associatedwith generating, presenting, storing, and processing image items,including one or more processes associated with compiling the imageitems, organizing the image items, and displaying the image items on theone or more displays of the ATM.

The ATM 130 may include one or more computer device(s) that may be ageneral purpose computer, server, mainframe computer, or any combinationof these components. In certain embodiments, the ATM 130 (or a systemincluding the ATM 130) may be configured as a particular apparatus,system, and the like based on the storage, execution, and/orimplementation of the software instructions that perform one or moreoperations consistent with the disclosed embodiments. The ATM 130 may bestandalone, or it may be part of a subsystem, which may be part of alarger system. For example, the ATM 130 may represent distributedservers that are remotely located and communicate over a network (e.g.,network 150) or a dedicated network, such as a local area network (LAN).In certain embodiments, a third party may operate the componentsassociated with the ATM 130. Additionally or alternatively, the ATM 130may be a part or subpart of the financial service provider device 140.

In some embodiments, the ATM 130 may have one or more LCDs with aninfrared backlight (e.g., active matrix LCD). In such way, the imageitems (e.g., patterns, and QR codes) may be invisible to naked eyes, butcan be picked up by the user device 120 (e.g., a smart phone camera ofthe user device 120 or a scanning device of the user device 120). Assuch, communications between the ATM 130 and the user device 120 can besecured.

In accordance with disclosed embodiments, the financial service providerdevice 140 may be a system associated with a financial service provider(not shown), such as a bank, a credit card company, a lender, brokeragefirm, or any other type of financial service entity that generates,provides, manages, maintains financial service accounts, etc. for one ormore users. The financial service provider device 140 may be one or morecomputing systems that are configured to execute software instructionsstored on one or more memory devices to perform one or more operationsconsistent with the disclosed embodiments. For example, the financialservice provider device 140 may include one or more memory device(s)storing data and software instructions and one or more processor(s)configured to use the data and execute the software instructions toperform server-based functions and operations known to those skilled inthe art. The financial service provider device 140 may include one ormore general purpose computers, mainframe computers, or any combinationof these types of components.

In some embodiments, the financial service provider device 140 mayconfigured as a particular apparatus, system, and the like based on thestorage, execution, and/or implementation of the software instructionsthat perform one or more operations consistent with the disclosedembodiments. The financial service provider device 140 may bestandalone, or it may be part of a subsystem, which may be part of alarger system. For example, the financial service provider device 140may represent distributed servers that are remotely located andcommunicate over a network (e.g., network 112) or a dedicated network,such as a LAN, for a financial service provider.

The financial service provider device 140 may include or may access oneor more storage devices configured to store data and/or softwareinstructions used by one or more processors of the financial serviceprovider device 140 to perform operations consistent with disclosedembodiments. For example, the financial service provider device 140 mayinclude a memory configured to store one or more software programs thatperforms several functions when executed by a processor. The disclosedembodiments are not limited to separate programs or computers configuredto perform dedicated tasks. For example, the financial service providerdevice 140 may include memory that stores a single program or multipleprograms. Additionally, the financial service provider device 140 mayexecute one or more programs located remotely from the ATM 130. Forexample, the financial service provider device 140 may access one ormore remote programs stored in memory included with a remote componentthat, when executed, perform operations consistent with the disclosedembodiments. In certain aspects, the financial service provider device140 may include server software that generates, maintains, and providesservices associated with financial account management. In other aspects,the financial service provider device 140 may connect separate server(s)or similar computing devices that generate, maintain, and provideservices associated with financial data for a financial service providerassociated with the financial service provider device 140.

In some embodiments, one or more personalization databases (not shown)may be associated with the financial service provider device 140. Thepersonalization database may include one or more memory device(s) thatstore data that may be used for performing one or more processesconsistent with the disclosed embodiment. In certain aspects, thepersonalization database may additionally, or alternatively, include oneor more servers or other type of computer devices. The personalizationdatabase server(s) may be one or more computing devices configured toexecute software instructions stored in memory to perform one or moreprocesses consistent with the disclosed embodiments. For example, thepersonalization database may include one or more memory device(s)storing data and software instructions and one or more processor(s)configured to use the data and execute the software instructions toperform server based functions and operations known to those skilled inthe art.

The personalization database may further include server(s) that areconfigured to execute stored software instructions to perform operationsassociated with collecting, storing, and accessing profile data relatedto the user 160, including one or more processes associated withgathering, for example, data related to the user 160's demographics,accessibility needs, display preferences, and biometrics information.The personalization database may gather the data from a variety ofsources, compile the data, and organize the data into easily accessibleprofiles. The personalization database may include one or more serversthat may be a general purpose computer, a mainframe computer, or anycombination of these components. In certain embodiments, thepersonalization database (or a system including the personalizationdatabase) may be configured as a particular apparatus, system, and thelike based on the storage, execution, and/or implementation of thesoftware instructions that perform one or more operations consistentwith the disclosed embodiments. The personalization database may bestandalone, or it may be part of a subsystem, which may be part of alarger system. For example, the personalization database may representdistributed servers that are remotely located and communicate over anetwork (e.g., network 150) or a dedicated network, such as a LAN.

In some embodiments, the personalization database may be associated withan entity, such as a company, organization, agency, etc. In oneembodiment, the personalization database entity may be a differententity than a financial service provider associated with the financialservice provider device 140. In certain aspects, a user or user(s)affiliated with a personalization database entity may operate one ormore components associated with the personalization database to collectand maintain personalization data. In other embodiments, thepersonalization database may be associated with a financial serviceprovider or other entity associated with the financial service providerdevice 140. For example, the personalization database may be a part orsubpart of the financial service provider device 140.

The network 150 may comprise any type of computer networking arrangementused to exchange data. For example, the network 150 may be the Internet,a private data network, a virtual private network using a publicnetwork, a WiFi network, a LAN or WAN network, and/or other suitableconnections that may enable information exchange among variouscomponents of the system 100. The network 150 may also include a publicswitched telephone network (“PSTN”) and/or a wireless cellular network.The network 150 may be a secured network or unsecured network. In otherembodiments, one or more components of system 100 may communicatedirectly through a dedicated communication link(s), such as linksbetween the user device 120, the ATM 130, the financial service providerdevice 140, and the personalization database.

Additionally or alternatively, the network 150 may include a directcommunication network. Direct communications may use any suitabletechnologies, including, for example, Bluetooth™, Bluetooth LE™ (BLE),WiFi, near field communications (NFC), or other suitable communicationmethods that provide a medium for transmitting data between separatedevices. In certain embodiments, the user device 120 and the ATM 130 mayconnect and communicate through a direct communications network, forexample, based on any of the above networking technologies.

The user 160 may use the user device 120 to perform one or moreoperations consistent with the disclosed embodiments. In one aspect, theuser 160 may be a customer or potential customer of a financial serviceprovider associated with the financial service provider device 140. Forinstance, the financial service provider may maintain a financialservice account (e.g., checking account, savings account, creditaccount, or the like) for the user 160 that the user 160 may use topurchase goods and/or services. The user 160 may transact business withthe financial service provider associated with the financial serviceprovider device 140. For example, the user 160 may use the user device120 and the financial service account (for example, through a mobileapplication installed on the user device 120) to withdraw cash from ordeposit cash into the ATM 130, contact a customer call center, transferor wire money, or reset their debit account PIN.

The user 160 may further operate the user device 120 in order to bedetected and recognized by the ATM 130. For example, the user device 120may detect, through the network 150, an ATM 130 in its immediateproximity. Additionally or alternatively, The ATM 130 may detect theuser device 120 in its immediate proximity. The user device 120 may thenconnect to the ATM 130 in order to initiate, conduct, or complete afinancial transaction.

FIG. 2 is an exemplary block diagram of the user device 120. The userdevice 120 may be a mobile device with computing capabilities, such as atablet, a smartphone, a wearable device, or any combination of thesedevices and/or affiliated components. As shown, the user device 120 mayinclude one or more processors 210, a display screen 220, a networkinterface 230, and one or more memory devices 240 storing one or moreoperating systems 250, including a mobile application 260.

The processor(s) 210 may include one or more known processing devices,such as a microprocessor from the Core™, Pentium™ or Xeon™ familymanufactured by Intel™, the Turion™ family manufactured by AMD™, the“Ax” or “Sx” family manufactured by Apple™, or any of various processorsmanufactured by Sun Microsystems, for example. The processor(s) 210 mayinclude one or more known digital signal processors (DSP). The disclosedembodiments are not limited to any type of processor(s) otherwiseconfigured to meet the computing demands required of differentcomponents of the user device 120.

The display screen 220 may include, for example, a LCD, a light emittingdiode screen (LED), an organic light emitting diode screen (OLED), atough screen, o other known display screen. The display screen 220 maydisplay various kinds of information consistent with the disclosedembodiments.

The network interface 230 may allow the user device 120 to send andreceive information through the network 150. Alternatively oradditionally, the network interface 230 may establish direct wired orwireless connection between the user device 120 and the other systemcomponents, such as the ATM 130, and/or the financial service providerdevice 140.

The memory 240 may be, for example, a magnetic, semiconductor, tape,optical, removable, non-removable, or other type of storage device ortangible (e.g., non-transitory) computer readable medium. The memory 240may store the operating system 250, as well as data and mobileapplication for performing operations consistent with functionsdescribed below.

The operating system 250 may perform know operating system functionswhen executed by the processor(s) 210. By way of example, the operatingsystem 250 may include Android™, Apple OS X™, Unix™, Linux™, or others.Accordingly, examples of the disclosed embodiments may operate andfunction with computer systems running any type of operating systemrunning the application 260.

The application 260 may be a mobile application associated with thefinancial service provider of the financial service provider device 140.The user 160 may conduct various transactions via the application 260with the financial service provider device 140 and/or the ATM 130, asdescribed above. In some embodiments, the user device 120 may beequipped with scanning and photographing functions, for example, acamera on the user device 120 for taking photos or recording videos ofitems shown on the display of the ATM 130, and a scanning device on theuser device 120 for scanning items shown on the display of the ATM 130(e.g., QR codes). Accordingly, the application 260 may be programmed toprocess the captured items, and communicate the processed results of thecaptured items to the ATM 130. Alternatively, the item processingfunction may be implemented in a different application with which theapplication 260 may communicate when the application 260 needs toprocess items captured from the display of the ATM 130.

FIG. 3 is an exemplary block diagram of the ATM 130, which may also beused for the financial service provider device 140. The ATM 130 may haveone or more processors 310, a display screen 320, a network interface330, input/output (I/O) devices 340, and one or more memories 350. Insome embodiments, the ATM 130 may take the form of a server, generalpurpose computer, a mainframe computer, laptop, smartphone, mobiledevice, or any combination of these components.

The processor 310 may include one or more known processing devices, suchas a microprocessor from the Pentium™ or Xeon™ family manufactured byIntel™, the Turion™ family manufactured by AMD™, or any of variousprocessors manufactured by Sun Microsystems. The processor 310 mayconstitute a single core or multiple core processor that executesparallel processes simultaneously. For example, the processor 310 may bea single core processor configured with virtual processing technologies.In certain embodiments, the processor 310 may use logical processors tosimultaneously execute and control multiple processes. The processor 310may implement virtual machine technologies, or other known technologiesto provide the ability to execute, control, run, manipulate, store, etc.multiple software processes, applications, programs, etc. In anotherembodiment, the processor 310 may include a multiple-core processorarrangement (e.g., dual, quad core, etc.) configured to provide parallelprocessing functionalities to allow the ATM 130 to execute multipleprocesses simultaneously. One of ordinary skill in the art wouldunderstand that other types of processor arrangements could beimplemented that provide for the capabilities disclosed herein. Thedisclosed embodiments are not limited to any type of processor(s)configured in the ATM 130.

The display screen 320 may comprise any size or form factor displaybased on any display technology, for example, a LCD, a light emittingdiode screen (LED), an organic light emitting diode screen (OLED), atough screen, o other known display screen. The display screen 320 mayalso be a display with an infrared backlight, so items displayed on thedisplay can be invisible to naked eyes, but can be captured by the userdevice 120. The display screen 320 may display various kinds ofinformation consistent with the disclosed embodiments. The displayscreen 320 may be mounted flush with a wall or other surface or behind aglass barrier (not shown) such that unauthorized devices may be moredifficult to attach to the ATM 130 and/or more easily detected.

The network interface 330 may allow the ATM 130 to send and receiveinformation through the network 150. Alternatively or additionally, thenetwork interface 330 may establish direct wired or wireless connectionbetween the user device 120 and the other system components, such as thefinancial service provider device 140.

I/O devices 340 may be one or more device that is configured to allowdata to be received and/or transmitted by the ATM 130. I/O devices 340may include one or more digital and/or analog communication devices thatallow the ATM 130 to communicate with other machines and devices, suchas other components of system 100 shown in FIG. 1. For example, the ATM130 may include interface components, which may provide interfaces toone or more input devices, such as one or more keyboards, mouse devices,displays, touch sensors, card readers, biometric readers, cameras,scanners, microphones, wireless communications devices, and the like,which may enable the ATM to receive input from an operator of the ATM,such as user 108.

The memory 350 may include one or more storage devices configured tostore instructions used by processor 310 to perform functions related tothe disclosed embodiments. For example, the memory 350 may be configuredwith one or more software instructions, such as program(s) 360 that mayperform one or more operations when executed by the processor 310. Thedisclosed embodiments are not limited to separate programs or computersconfigured to perform dedicated tasks. For example, the memory 350 mayinclude the program 360 that performs the functions of the ATM 130, orthe program 360 could comprise multiple programs. Additionally, theprocessor 310 may execute one or more programs located remotely from theATM 130. For example, the financial service provider device 140 and theuser device 120 may, via the ATM 130 (or variants thereof), access oneor more remote programs that, when executed, perform functions relatedto certain disclosed embodiments. The processor 310 may further executeone or more programs located in the personalization database. In someembodiments, the programs 360 may be stored in an external storagedevice, such as a cloud server located outside of the ATM 130, and theprocessor 310 may execute the programs 360 remotely.

The programs 360 executed by the processor 310 may cause the processor310 to execute one or more processes related to financial servicesprovided to users (e.g., the user 160) including, but not limited to,processing credit and debit card transactions, checking transactions,fund deposits and withdrawals, transferring money between financialaccounts, lending loans, processing payments for credit card and loanaccounts, processing orders for certified funds, processing orders fornew or reissue debit cards, and processing ATM cash withdrawals.

The memory 350 may also store data that may reflect any type ofinformation in any format that the ATM 130 may use to perform operationsconsistent with the disclosed embodiments. The memory 350 may storeinstructions to enable the processor 310 to execute one or moreapplications, such as server applications, network communicationprocesses, and any other type of application or software. Alternatively,the instructions, application programs, etc., may be stored in anexternal storage (not shown) in communication with the ATM 130 via thenetwork 150 or any other suitable network. The memory 350 may be avolatile or non-volatile, magnetic, semiconductor, tape, optical,removable, nonremovable, or other type of storage device or tangible(i.e., non-transitory) computer-readable medium.

The memory 350 may include transaction data 370. The transaction data370 may include information related to financial transactions initiatedby a user. For example, the transaction data 370 may include a useridentifier and a transaction type. The user identifier may be a creditor debit card number, and account number, or another means foridentifying the user initiating the financial transaction. Thetransaction type may include an indicator of the type of transaction theuser is initiating, such as, ATM cash withdrawal, debit PIN reset, moneywire or transfer, call to the customer service center, ordering a new orreissue debit card, ordering certified funds, or other transactionsrequiring user authentication. The transaction data 370 may also includeauthentication data obtained from the user for the purposes ofauthorizing the transaction by verifying the authenticity of providedimage data as compared to stored image data. Additionally oralternatively, the transaction data 370 may be stored in thepersonalization database or in an external storage (not shown) incommunication with the ATM 130 via the network 150 or any other suitablenetwork.

The memory 350 may further include customer data 380. The customer data380 may include information about particular customers of the financialservice provider. For example, the customer data 380 may includeclients' account information, debit or credit card information, historyof purchase transactions, financial statements, credit score, riskprofile, username and password, debit card PIN, home and work locations,and/or biometric information. Additionally, the customer data 380 mayinclude user device identification information, such as, for example, aphone number, email address, IP address, Bluetooth signature, or otherdevice identifier. Alternatively the customer data 380 may be stored inthe personalization database, or in an external storage (not shown) incommunication with the ATM 130 via the network 150 or any other suitablenetwork.

The processor 310 may analyze transaction data 370 in reference tocustomer data 380. For example, the processor 310 may analyze thetransaction data 370 to determine which client with information storedin the customer data 380 is initiating the financial transaction. Theprocessor 310 may access the particular user's customer information todetermine their account information, debit or credit card information,history of purchase transactions, financial statements, credit score,risk profile, username and password, debit card PIN, home and worklocations, and/or authentication data.

FIG. 4 illustrates a flow chart of an exemplary system process 400 forauthenticating a user and a user device, according to one embodiment ofthis disclosure. The exemplary system may include a customerauthentication system and an ATM. The customer authentication system canbe configured to: authenticate a customer to access to a customeraccount via a mobile application on a customer device; and store anindication whether the customer is authenticated via the mobileapplication. The ATM may include a display; one or more memory devicesstoring software instructions; and one or more processors configured toexecute the software instructions to perform operations disclosed below.The exemplary system can be the system 100 in FIG. 1. The customerauthentication system can the financial service provider device 140 inFIG. 1. The ATM can be the ATM 130 in FIG. 1.

The process 400 may be performed by processor 310 of the ATM 130executing instructions encoded on a computer-readable medium storagedevice for providing ATM functionality. It is to be understood, however,that one or more steps of the process 400 may be implemented by othercomponents of the system 100 (shown or not shown). In addition, one ormore steps of the process 400 may be optional, that is one or more stepsof the process 400 may not be necessary for authenticating a customerand a user device.

At step 402, the ATM 130 may generate and display an item on the display320, for example, on an interface of the display 320. The item may begenerated randomly or be predetermined by the processor 310 via theprogram 360. The item may be one of a static image, a dynamic image, anda combination thereof. For example, the static image can be variousshapes, symbols, codes, or cartoons, for example a square, a triangle,an exclamation, a dollar sign, an animal image cartoon, a tree image, aquick response (QR) code, a bar code, etc. The dynamic image may includea short video clip (e.g., less than 5 second), a flashing image strobedat a specified or random time interval, etc. The static image may alsobe patterns, for example, a series of triangle shapes arranged in acertain pattern, a series of symbols arranged in a certain patterndisplayed with different timings, etc. The item can also be a series ofimages displayed with time intervals between each of the series ofimages.

The item may be generated in advance by the ATM 130 prior to a customerapproaching the ATM 130, or may be generated instantly by the ATM 130upon the customer approaching the ATM 130. For example, the item may begenerated in advance and displayed on the display 320 all the timesuntil a customer of the ATM 130 approaches or activates the ATM 130.Alternatively, the item may be generated in advance and displayed on thedisplay 320 for a specified period of time (e.g., 1 minute) and thenhibernate (e.g., having a screen saver running) until a customer of theATM 130 approaches or activate the ATM 130. Alternatively, the item maybe generated on-demand by the ATM 130 when a customer of the ATM 130 isdetected to approach or activate the ATM 130. For example, a detectiondevice such as a surveillance camera or a motion sensor may detect acustomer entering the proximity of the ATM 130. The detection device mayissue a corresponding notification. The one or more processors of theATM 130 may be configured to execute the software instructions toperform operations to: receive the notification; and display the item inresponse to receiving the notification.

At step 404, information regarding the item generated and displayed maybe stored in the one or more memory devices 350 of the ATM 130. Theinformation may comprise an order in which the item is generated anddisplayed on the display, a time at which the item is generated anddisplayed on the display, an identification of the item displayed on thedisplay, and a time interval at which the item is displayed on thedisplay. The item displayed on the display may be captured by the userdevice 120. The user 160 may capture the item using the user device 120.For example, the user 160 may use a camera of the user device 120 totake a photo of the item, use a scanning device of the user device 120to scan the item, or use a video recording device of the user device 120to record the item (e.g., the item being a short video playing on thedisplay).

In some embodiments, when the item is an infrared item displayed on thedisplay of the ATM 130, which is invisible to naked eye, the user device120 may be configured and programmed to be capable of capturing andprocessing such infrared items.

At step 406, the ATM 130 may receive from the user device 120 via afirst communication channel (e.g., the network 150 in the system 100)captured information of the item. The captured information of the itemmay include a captured identification of the item displayed, and acaptured time at which the item is displayed. The captured informationmay be part of a processed item result of the captured item processed bythe user device 120. For example, after the user 160 captures the itemusing the user device 120, the captured item may be processed on theuser device 120. For example, the user device 120 may run theapplication 260 to process the captured item, or may run a dedicatedimage processing program to process the captured item. Processing thecaptured item may involve image recognition, image classification,feature extraction, etc. as known to a skilled person in the art. Theprocessed item result may comprise a copy of the item being captured,the identification of the item displayed, a time at which the item isdisplayed, a time at which the item is captured, an order at which theitem(s) is captured, and a time interval at which the item(s) iscaptured. The processed item result may also comprise a verificationcode indicative of the QR code being scanned by the user device 120. Theprocessed item result may be transmitted from the user device 120 to theATM 130 via the network 150, which may be referred to as a back channelbetween the user device 120 and the ATM 130. Alternatively the firstcommunication channel may be a direct communication channel between theuser device 120 and the ATM 130, for example, Bluetooth or other nearfiled communications (i.e., pairing between the user device 120 and theATM 130).

At step 408, the ATM 130 may receive from the user device 120 via thefirst communication channel (e.g., the network 150) identifyinginformation of the user 160 who is using or associated with the userdevice 120. The user 160 may log into the financial service providerdevice 140 via the application 260 on the user device 120 to retrievethe identifying information and send the identifying information to theATM 130. The identifying information may comprise any information of theuser profile of the user 160 who has a financial account with thefinancial service provider, as described above. For example, theidentifying information may comprise a customer/user name, acustomer/user billing address, a customer/user mailing address, acustomer/user financial account number, a customer/user phone number, acustomer/user email address, a customer/user birthday, and acustomer/user social security number, etc. In some embodiments, theidentifying information may further include a digital signature of theuser 160 from the mobile application on the user device 120.

At step 410, the ATM 130 may send the identifying information receivedvia the first communication channel from the user device to the customerauthentication system (e.g., the financial service provider device 140),and in response receive an indication from the customer authenticationsystem whether the user/customer is authenticated into the mobileapplication (e.g. the application 260 of the user device 120). Afterreceiving the identifying information from the ATM 130, the financialservice provider device 140 may compare the identifying informationreceived from the ATM 130 with identifying information (e.g., personalor financial account information and the digital signature of the user160) stored in its memory or the personalization database. If theidentifying information received from the ATM 130 matches withidentifying information stored in its memory or the personalizationdatabase, the financial service provider device 140 sends to the ATM 130an indication of the customer being authenticated into the mobileapplication. If the identifying information received from the ATM 130does not match with identifying information stored in its memory or thepersonalization database, the financial service provider device 140sends to the ATM 130 an indication of the customer not beingauthenticated into the mobile application.

At step 412, the ATM 130 may compare the captured information (part ofthe processed item result) with the item information stored in the oneor more memory devices 350 of the ATM 130. The comparison may comprisecomparing the item stored in the one or more memory devices 350 with thecopy of the item being captured by the user device 120, comparing thetime at which the item is displayed on the display of the ATM 130 withthe time at which the item is captured by the user device 120, comparingthe time interval at which the item is displayed on the display of theATM 130 with the time interval at which the item is captured by the userdevice 120, comparing the identification stored in the one or morememory devices with the captured information and matching the time atwhich the item is displayed on the display with the captured time atwhich the item is captured. For example, the ATM 130 may determinewhether or not the item stored in the one or more memory devices 350matches with the copy of the item being captured by the user device 120,whether or not the time at which the item is displayed on the display ofthe ATM 130 matches with the time at which the item is captured by theuser device 120, whether or not the time interval at which the item isdisplayed on the display of the ATM 130 matches with the time intervalat which the item is captured by the user device 120, whether or not theidentification stored in the one or more memory devices matches with thecaptured information, and whether or not the time at which the item isdisplayed on the display matches with the captured time at which theitem is captured.

At step 414, the ATM 130 may authenticate the user device 120 based onthe comparison and the indication of whether the user is authenticatedinto the mobile application. For example, the ATM 130 may authenticatethe user device 120 if the comparison may indicate one or more of: theitem stored in the one or more memory devices 350 matches with the copyof the item being captured by the user device 120, the time at which theitem is displayed on the display of the ATM 130 matches with the time atwhich the item is captured by the user device 120, and the time intervalat which the item is displayed on the display of the ATM 130 matcheswith the time interval at which the item is captured by the user device120. The ATM 130 may further authenticate the user device 120 based onthe indication which is received from the customer authentication systemat step 410. Once the ATM 130 authenticates the user device 120, the ATM130 may send via the first communication channel authenticationinformation to the user device 120. The authentication information maybe indicative of the user device 120 having been authenticated, forexample, “this device has been authenticated, and you are allowed to usethe ATM now” or a green-colored light symbol may be sent to the userdevice 120 to indicate the user device 120 has been passed theauthentication.

As mentioned above, the first communication channel may be the network150 or the direct communication between the user device 120 and the ATM130. If the first communication channel is the network 150,communications between the user device 120 and the ATM 130 may be viathe financial service provider device 140. For example, after the userdevice 120 captures the item displayed on the ATM 130, the user device120 may send the processed item result of the captured item to thefinancial service provider device 140 by logging into the mobileapplication, and the financial service provider device 140 then forwardsthe processed item result to the ATM 130. If the first communicationchannel is a direct connection between the user device 120 and the ATM130, the network 150 may be a second communication channel, for examplefor sending and receiving the identifying information.

At step 416, access to the customer account via the ATM can be allowedafter the authentication. For example, after the secure directcommunication is established between the ATM 130 and the user device120, the user 160 may use the user device 120 or may directly performvarious transactions on the ATM 130, as described above.

FIG. 5 illustrates a flow chart of an exemplary process 500 forauthenticating by the ATM a user device and pairing the ATM to the userdevice, in accordance with one embodiment of the present disclosure. Theprocess 500 may be performed by the processor 310 of the ATM 130executing instructions encoded on a computer-readable medium storagedevice for providing ATM functionalities. It is to be understood,however, that one or more steps of the process 500 may be implemented byother components of the system 100 (shown or not shown). One or moresteps of the process 500 may be substantially similar to one or moresteps of the process 400, therefore, details of such steps of theprocess 500 may not be repeated herein. In addition, one or more stepsof the process 500 may be optional, that is one or more steps of theprocess 500 may not be necessary for authenticating a customer and auser device.

At step 502, the ATM 130 may generate and display an item on the display320, for example, on an interface of the display 320. The item may begenerated randomly or predetermined by the processor 310 via the program360. The item may be one of a static image, a dynamic image, and acombination thereof. For example, the static image can be variousshapes, symbols, codes, or cartoons, for example a square, a triangle,an exclamation, a dollar sign, an animal image cartoon, a tree image, aquick response (QR) code, a bar code, etc. The dynamic image may includea short video clip (e.g., less than 5 second), a flashing image strobedat a specified or random time interval, etc. The static image may alsobe patterns, for example, a series of triangle shapes arranged in acertain pattern, a series of symbols arranged in a certain patterndisplayed with different timings, etc. The item can also be a series ofimages displayed with time intervals between each of the series ofimages.

The item may be generated in advance by the ATM 130 prior to a customerapproaching the ATM 130, or may be generated instantly by the ATM 130upon the customer approaching the ATM 130. For example, the item may begenerated in advance and displayed on the display 320 all the timesuntil a customer of the ATM 130 approaches or activates the ATM 130.Alternatively, the item may be generated in advance and displayed on thedisplay 320 for a specified period of time (e.g., 30 seconds) and thenhibernate (e.g., having a screen saver running) until a customer of theATM 130 approaches or activate the ATM 130. Alternatively, the item maybe generated on-demand by the ATM 130 when a customer of the ATM 130 isdetected to approach or activate the ATM 130. For example, a detectiondevice such as a surveillance camera or a motion sensor may detect acustomer entering the proximity of the ATM 130. The detection device mayissue a corresponding notification. The one or more processors of theATM 130 may be configured to execute the software instructions toperform operations to: receive the notification; and display the item inresponse to receiving the notification. At step 504, informationregarding the item generated and displayed may be stored in the one ormore memory devices 350 of the ATM 130. The information may comprise anorder in which the item is generated and displayed on the display, atime at which the item is generated and displayed on the display, anidentification of the item displayed on the display, and a time intervalat which the item is displayed on the display.

The item displayed on the display may be captured by the user device120. The user 160 may capture the item using the user device 120. Forexample, the user 160 may use a camera of the user device 120 to take aphoto of the item, use a scanning device of the user device 120 to scanthe item, or use a video recording device of the user device 120 torecord the item (e.g., the item being a short video playing on thedisplay).

In some embodiments, when the item is an infrared item displayed on thedisplay of the ATM 130, which is invisible to naked eye, the user device120 may be configured and programmed to be capable of capturing andprocessing such infrared items.

At step 506, the ATM 130 may receive from the user device 120 via afirst communication channel (e.g., the network 150 in the system 100)captured information of the item. The captured information of the itemmay include captured identification of the item displayed, and acaptured time at which the item is displayed. The captured informationmay be part of a processed item result of the captured item processed bythe user device 120. For example, after the user 160 captures the itemusing the user device 120, the captured item may be processed on theuser device 120. For example, the user device 120 may run theapplication 260 to process the captured item, or may run a dedicatedimage processing program to process the captured item. Processing thecaptured item may involve image recognition, image classification,feature extraction, etc. as known to a skilled person in the art. Theprocessed item result may comprise a copy of the item being captured,the identification of the item displayed, a time at which the item isdisplayed, a time at which the item is captured, an order at which theitem(s) is captured, and a time interval at which the item(s) iscaptured. The processed item result may also comprise a verificationcode indicative of the QR code being scanned by the user device 120. Theprocessed item result may be transmitted from the user device 120 to theATM 130 via the network 150, which may be referred to as a back channelbetween the user device 120 and the ATM 130. Alternatively the firstcommunication channel may be a direct communication channel between theuser device 120 and the ATM 130, for example, Bluetooth or other nearfiled communications (i.e., pairing between the user device 120 and theATM 130).

At step 508, the ATM 130 may receive from the user device 120 via thefirst communication channel (e.g., the network 150) identifyinginformation of the user 160 who is using or associated with the userdevice 120. The user 160 may log into the financial service providerdevice 140 via the application 260 on the user device 120 to retrievethe identifying information and send the identifying information to theATM 130. The identifying information may comprise any information of theuser profile of the user 160 who has a financial account with thefinancial service provider, as described above. For example, theidentifying information may comprise a user name, a user billingaddress, a user mailing address, a user financial account number, a userphone number, a user email address, a user birthday, and a user socialsecurity number, etc. In some embodiments, the identifying informationmay further include a digital signature of the user 160 from the mobileapplication on the user device 120.

At step 510, the ATM 130 may compare the captured information (part ofthe processed item result) with the item information stored in the oneor more memory devices 350 of the ATM 130. The comparison may comprisecomparing the item stored in the one or more memory devices 350 with thecopy of the item being captured by the user device 120, comparing thetime at which the item is displayed on the display of the ATM 130 withthe time at which the item is captured by the user device 120, comparingthe time interval at which the item is displayed on the display of theATM 130 with the time interval at which the item is captured by the userdevice 120, comparing the identification stored in the one or morememory devices with the captured information and matching the time atwhich the item is displayed on the display with the captured time atwhich the item is captured. For example, the ATM 130 may determinewhether or not the item stored in the one or more memory devices 350matches with the copy of the item being captured by the user device 120,whether or not the time at which the item is displayed on the display ofthe ATM 130 matches with the time at which the item is captured by theuser device 120, whether or not the time interval at which the item isdisplayed on the display of the ATM 130 matches with the time intervalat which the item is captured by the user device 120, whether or not theidentification stored in the one or more memory devices matches with thecaptured information, and whether or not the time at which the item isdisplayed on the display matches with the captured time at which theitem is captured.

At step 512, the ATM 130 may authenticate the user device 120 based onthe comparison and the identification information. For example, the ATM130 may authenticate the user device 120 if the comparison may indicateone or more of: the item stored in the one or more memory devices 350matches with the copy of the item being captured by the user device 120,the time at which the item is displayed on the display of the ATM 130matches with the time at which the item is captured by the user device120, and the time interval at which the item is displayed on the displayof the ATM 130 matches with the time interval at which the item iscaptured by the user device 120. The ATM 130 may further authenticatethe user device 120 based on the identification information by checkingwhether or not the received identifying information matches withpersonal or financial account information (e.g., customer data 380) ofthe user 160 stored in the memory 350 of the ATM 130.

Once the ATM 130 authenticates the user device 120, the ATM 130 may sendvia the first communication channel authentication information to theuser device 120. The authentication information may be indicative of theuser device 120 having been authenticated, for example, “this device hasbeen authenticated, and you are allowed to use the ATM now” or agreen-colored light symbol may be sent to the user device 120 toindicate the user device 120 has been passed the authentication.

As mentioned above, the first communication channel may be the network150 or the direct communication between the user device 120 and the ATM130. If the first communication channel is the network 150,communications between the user device 120 and the ATM 130 may be viathe financial service provider device 140. For example, after the userdevice 120 captures the item displayed on the ATM 130, the user device120 may send the processed item result of the captured item to thefinancial service provider device 140 by logging into the mobileapplication, and the financial service provider device 140 then forwardsthe processed item result to the ATM 130. If the first communicationchannel is a direct connection between the user device 120 and the ATM130, the network 150 may be a second communication channel, for examplefor sending and receiving the identifying information.

At step 514, access to the customer account via the ATM can be allowedafter the authentication. For example, after the secure directcommunication is established between the ATM 130 and the user device120, the user 160 may use the user device 120 or may directly performvarious transactions on the ATM 130, as described above.

FIG. 6 illustrates a flow chart of an exemplary process 600 forauthenticating a user and a user device and pairing the user device toan ATM, according to one embodiment of this disclosure. The process 600may be performed by processor 110 of the user device 120 executinginstructions encoded on a computer-readable medium storage device forproviding user device functionality. It is to be understood, however,that one or more steps of the process 600 may be implemented by othercomponents of the system 100 (shown or not shown). In addition, one ormore steps of the process 600 may be optional, that is one or more stepsof the process 600 may not be necessary for authenticating a customerand a user device.

The user device 120 may include a network interface; an image processor;one or more memory devices storing software instructions; and one ormore processors configured to execute the software instructions toperform operations described below. The financial service providerdevice 140 in the system 100 can be a customer authentication systemthat can be configured to: authenticate a customer to access to acustomer account via a mobile application on a customer device; andstore an indication whether the customer is authenticated via the mobileapplication. At step 602, the user device 120 may authenticate via theauthentication system access to a customer account via a mobileapplication on the device. For example, the user device 120 mayauthenticate the user 160 to access a financial account of the user 160stored on the financial service provider device 140 by communicating viathe application 260 with the financial service provider device 140.

At step 604, the user device 120 may capture via the image processor anitem displayed on a display of the ATM 130 to show the item on thedisplay screen 220 of the user device 120. The item may be one of astatic image a dynamic image, and a combination thereof. For example,the static image can be various shapes, symbols, codes, or cartoons, forexample a square, a triangle, an exclamation, a dollar sign, an animalimage cartoon, a tree image, a QR code, a bar code, etc. The dynamicimage may include a short video clip (e.g., less than 3 second), aflashing image strobed at a specified or random time interval, etc. Thestatic image may also be patterns, for example, a series of triangleshapes arranged in a certain pattern, a series of symbols arranged in acertain pattern displayed with different timings, etc. The item can alsobe a series of images displayed with time intervals between each of theseries of images.

For example, when the user 160 having the user device 120 approaches theATM 130, the item is actively displayed on the display of the ATM 130.The user 160 may capture the item using the user device 120. Forexample, the user 160 may use a camera of the user device 120 to take aphoto of the item, use a scanning device of the user device 120 to scanthe item, or use a video recording device of the user device 120 torecord the item (e.g., the item being a short video playing on thedisplay of the ATM 130). The user 160 may access capturing devices ofthe user device 120 via the mobile application. The captured informationof the item may include captured identification of the item displayed,and a captured time at which the item is displayed. The capturedinformation may be part of a processed item result of the captured itemprocessed by the user device 120.

In some embodiments, when the item is an infrared item displayed on thedisplay of the ATM 130, which is invisible to naked eye, the user device120 may be configured and programmed to be capable of capturing andprocessing such infrared items.

At step 606, the user device 120 may process the captured item with theimage processor to extract information contained in the captured item.For example, the user device 120 may run the application 260 to processthe captured item, or may run a dedicated image processing program toprocess the captured item. Processing the captured item may involveimage recognition, image classification, feature extraction, patternrecognition etc. as known in the prior art. The processing may alsoinclude identifying an identification of the item, a time at which theitem is displayed on the ATM 130, a time at which the item is captured,an order at which the item is captured, a time interval at which theitem is captured, dimensions of the item, a shape of the item, etc. Theprocessing may also include digitally signing the processed item resultwith a digital signature from the mobile application on the user device120.

At step 608, the user device 120 may send to the ATM 130 via a firstcommunication channel (e.g., the network 150), a processed item resultof the captured item. The processed item result may comprise a copy ofthe item being captured, a time at which the item(s) is captured, anorder at which the item is captured, a time interval at which theitem(s) is captured, the digital signature on the processed item result,etc. The processed item result may also comprise a verification codeindicative of the QR code being scanned by the user device 120.Alternatively the first communication channel may be a directcommunication channel between the user device 120 and the ATM 130, forexample, Bluetooth or other near filed communications (i.e., pairingbetween the user device 120 and the ATM 130).

At step 610, the user device 120 may send to the ATM 130 via the firstcommunications means identifying information of a user who is using theuser device 120. The user 160 may log into the financial serviceprovider device 140 via the application 260 on the user device 120 toretrieve the identifying information and send the identifyinginformation to the ATM 130. The identifying information may comprise anyinformation of the user profile of the user 160 who has a financialaccount with the financial service provider, as described above. Forexample, the identifying information may comprise a user name, a userbilling address, a user mailing address, a user financial accountnumber, a user phone number, a user email address, a user birthday, anda user social security number, etc.

At step 612, the user device 120 may receive from the ATM 130 via thefirst communication channel authentication information. The ATM 130 mayauthenticate the user device 120 based on the processed item result ofthe captured item and the identifying information, as described above.The authentication information can be used for authenticating the userdevice 120.

The authentication information may be indicative of the user device 120having been authenticated, for example, “this device has beenauthenticated, and you are allowed to use the ATM now” or agreen-colored light symbol may be sent to the user device 120 toindicate the user device 120 has been passed the authentication.

At step 614, access to the customer account via the ATM can be allowedafter the authentication. For example, after the secure directcommunication is established between the ATM 130 and the user device120, the user 160 may use the user device 120 or may directly performvarious transactions on the ATM 130, as described above.

In some embodiments, the process 600 may further include receiving achallenge at the mobile application from the ATM; and sending a reply tothe challenge to the ATM. The challenge may be a question, and the replyto the challenge can be an answer to the question. The authentication bythe ATM may be based on the question and the answer to the question.

Although the above description includes examples for a system includingan ATM with a display, the disclosure can be equally applied toCashier's check Kiosks, Bill Payment Kiosks, ATMs without a display, orother transaction terminals that may or may not have a display, forexample, an ATM without a display, a keypad or any place to insert acard which may be a cash out only device.

In an example embodiment where an ATM is not configured to have adisplay, the ATM may be configured to have or in communication with aspeaker that can play an audio clip, and a user device is configured tobe able to record and process the audio clip. The user device may sendthe processed result of the recorded audio clip to the ATM forauthenticating the user device. The processed result of the recordedaudio clip may include a digital signature of a user of the user device.After being authenticated, the user device may be used via a mobileapplication of the user device to perform various financial activitieson the ATM, as described above.

In another embodiment, the ATM may be configured to have or incommunication with an image capture and processing device. The imagecapture and processing device can capture an image of a user of a userdevice and process the image of the user to verify who the user is(e.g., facial recognition). After being authenticated, the user devicemay be used via a mobile application of the user device to performvarious financial activities via the ATM, as described above.

The various embodiments described above are provided by way ofillustration only and should not be construed to limit the scope of thedisclosure. Various modifications and changes may be made to theprinciples described herein without following the example embodimentsand applications illustrated and described herein, and without departingfrom the spirit and scope of the disclosure.

We claim:
 1. An automatic teller machine (ATM), comprising: a display;one or more memory devices storing software instructions; and one ormore processors configured to execute the software instructions toperform operations to: detect, via a detection device within the ATMconfigured to detect telecommunication devices in a proximity of theATM, that a smart phone carried by a user is within a predefineddistance of the ATM; issue a notification, the notification indicatingthat a telecommunication device is within the predefined distance;display, in response to receiving the notification, a series of imageson the display, with a respective time interval occurring betweendisplaying each image in the series of images, resulting in a codeincluding the series of images and a plurality of time intervals, theplurality of time intervals comprising at least a first displayed timeinterval and a second displayed time interval; receive, from the smartphone of the user via a direct communication channel, captured timeintervals corresponding to times between when each image in the seriesof images was displayed, the captured time intervals comprising at leasta first captured time interval and a second captured time interval;receive a digital signature from a mobile application on the smartphone; authenticate the user based on the digital signature; compare thecaptured time intervals with the plurality of time intervals, resultingin a comparison, the comparison determining a match exists between thefirst captured time interval and the first displayed time interval; andthat a match exists between the second captured time interval and thesecond displayed time interval; and allow access to a customer accountvia the ATM based at least in part on the comparison.
 2. The ATM ofclaim 1, wherein: the series of images comprises at least one quickresponse (QR) code; and the allowing of access to the customer accountis based on a comparison of at least one OR code captured by the smartphone with the at least one OR code displayed by the display.
 3. The ATMof claim 1, wherein the one or more processors are further configured toexecute the software instructions to perform operations comprising:receive identifying information from a mobile application on the smartphone via the direct communication channel, the Identifying informationcomprising one or more of a customer name, a customer billing address, acustomer mailing address, a customer account number, a customer phonenumber, a customer email address, a customer birthday, and a customersocial security number; receive, from a service provider, a serviceprovider verification code, the service provider verification codeindicating that the service provider has authenticated the user toaccess a customer account based on identifying information providedthrough the mobile application on the smart phone; and authenticate theuser based on the identifying information and the service providerverification code.
 4. The ATM of claim 1, wherein each time interval inthe plurality of time intervals is random, such that the plurality oftime intervals comprises a plurality of distinct time between displayingof an image in the series of images.
 5. A method to be executed by anautomatic teller machine (ATM), the method comprising: detecting, via adetection device within the ATM configured to detect telecommunicationdevices in a proximity of the ATM, that a smart phone carried by a useris within a predefined distance of the ATM; issuing a notification, thenotification indicating that a telecommunication device is within theredefined distance; displaying, at the ATM in response to receiving thenotification, a series of images on an display, with a respective timeinterval occurring between each image in the series of images, resultingin a code as the series of images and a plurality of time intervals, theplurality of time intervals comprising at least a first displayed timeinterval and a second displayed time interval; receiving, at the ATMfrom the smart phone of the user via a direct communication channel,captured time intervals corresponding to times between when each imagein the series of images was displayed, the captured time intervalscomprising at least a first captured time interval and a second capturedtime interval; receiving a digital signature from a mobile applicationon the smart phone; and authenticate the user based on the digitalsignature; comparing, via a processor of the ATM, the captured timeintervals with the plurality of time intervals, resulting in acomparison, the comparison determining a match exists between the firstcaptured time interval and the first displayed time interval, and that amatch exists between the second captured time interval and the seconddisplayed time interval; and allowing access to a customer account viathe ATM based at least in part on the comparison.
 6. The method of claim5, further comprising: receiving, at the ATM via the directcommunication channel, identifying information from a mobile applicationon the smart phone, the identification comprising one or more of a username, a user billing address, a user mailing address, a user accountnumber, a user phone number, a user email address, a user birthday, anda user social security number; receive, from a service provider, aservice provider verification code, the service provider verificationcode indicating that the service provider has authenticated the user toaccess a customer account based on identifying information providedthrough the mobile application on the smart phone; and authenticating,via the processor, the user based on the identifying information.
 7. Themethod of claim 5, wherein the series of images comprises at least onequick response (QR) code.
 8. The method of claim 5, further comprising:generating, via the processor, the series of images only upon detectingthe smart phone within a predetermined distance of the ATM.
 9. Themethod of claim 5, wherein each time interval in the plurality of timeintervals is random, such that the plurality of time intervals comprisesa plurality of distinct time between displaying of an image in theseries of images.
 10. A system, comprising: an ATM; and a smart phonecarried by a user, wherein: the ATM detects, via a detection devicewithin the ATM configured to detect telecommunication devices in aproximity of the ATM, that the smart phone is within a predefineddistance of the ATM; issues a notification, the notification indicatingthat a telecommunication device is within the predefined distance; inresponse to receiving the notification, the ATM displays, via a display,a series of images, with a respective time interval occurring betweendisplaying each image in the series of images, resulting in a code asthe series of images and a plurality of time intervals, the plurality oftime intervals comprising at least a first displayed time interval and asecond displayed time interval; the smart phone captures, via a camera,the series of images; the ATM receives a digital signature from a mobileapplication on the smart phone; and authenticates the user based on thedigital signature; the smart phone transmits to the ATM, via a directcommunication channel, captured time intervals corresponding to timesbetween when each image in the series of images was displayed, thecaptured time intervals comprising at least a first captured timeinterval and a second captured time interval; the ATM compares, via aprocessor, the captured time intervals with the plurality of timeintervals, resulting in a comparison, the comparison determining a matchexists between the first captured time interval and the first displayedtime interval, and that a match exists between the second captured timeinterval and the second displayed time interval; and the ATM allowsaccess to a customer account via the ATM based at least in part on thecomparison.
 11. The system of claim 10, wherein: the ATM receivesidentifying information from a mobile application on the smart phone viathe direct communication channel, the identifying information comprisingone or more of a user name, a user billing address, a user mailingaddress, a user account number, a user phone number, a user emailaddress, a user birthday, and a user social security number; andreceiving, from a service provider, a service provider verificationcode, the service provider verification code indicating that the serviceprovider has authenticated the user to access a customer account basedon identifying information provided through the mobile application onthe smart phone.
 12. The system of claim 10, wherein the series ofimages comprises at least one quick response (QR) code.
 13. The systemof claim 10, wherein: a mobile application on the smart phone receives achallenge at the mobile application from the ATM; and the mobileapplication transmits a reply to the challenge to the ATM.
 14. Thesystem of claim 10, wherein each time interval in the plurality of timeintervals is random, such that the plurality of time intervals comprisesa plurality of distinct time between displaying of an image in theseries of images.